google maps - How to accept only certain special characters while accepting a location address in PHP?


I want to accept the address of a place and enter it into the database. If I send the address parameter to the following function, it will remove the initial and end spaces along with special characters:

    public function sanitizestring($string){
        // trim, then SQL-escape, then HTML-encode the value before it is stored
        $sanitized_string = htmlentities(mysqli_real_escape_string($this->conn, trim($string)));
        return $sanitized_string;
    }

But I know that in addresses like

1/a grand trunk road, kolkata - 31

there are a few special characters, '/', '-' and ',', that have to be accounted for.

I want to store the addresses of places in the database, convert them to latitudes and longitudes using the Google Maps Geocoding API, and use markers to mark them on a Google map.

Can anyone suggest a way to sanitize the address while keeping the special characters intact, or any other way to store addresses of places?

Edit

For those asking, I use PDO prepared statements when dealing with database queries. Here is an instance:

    public function getuserbyemailandpassword($email, $password){
        // $email is bound as a parameter, so it is never concatenated into the SQL text
        $stmt = $this->conn->prepare("SELECT * FROM users WHERE email = ? AND status = 1");
        $stmt->bind_param("s", $email);

        if($stmt->execute()){
            $user = $stmt->get_result()->fetch_assoc();
            $stmt->close();
            return $user;
        }
        else{
            return null;
        }
    }

But before I pass the $email parameter, I am sanitizing it using mysqli_real_escape_string, which I do not need to do, because prepare and bind_param take care of SQL injection, I think.

As a general rule, when using PDO, don't try to sanitize values when inserting into the database. You have prepared statements and parameter binding options to prevent SQL injection.

Now, when you use the information stored in the database (which may contain malicious code), use the function htmlspecialchars() when you echo anything. For example:

    // If you obtained the info from the database as follows:
    $row = $stmt->fetch();

    // then you can output it as follows:
    echo htmlspecialchars($row['address']);

And your code is protected from both SQL injection (if you used prepared statements and binding parameters when inserting information into the database) and XSS, with the function htmlspecialchars().
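
The flow described in the answer, as an added example that is not part of the original question or answer: the address is stored unchanged through a bound parameter and encoded only at the point of use, once for HTML and once for the Geocoding API URL. The in-memory SQLite database, the `places` table, the `normalizeAddress()` helper, the second sample address and the `YOUR_API_KEY` placeholder are assumptions made for the illustration.

```php
<?php
// Added example: in-memory SQLite stands in for the real database (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE places (id INTEGER PRIMARY KEY, address TEXT NOT NULL)');

// Hypothetical helper: validate shape only (length, control characters).
// It never strips or escapes '/', '-', ',' or any other printable character.
function normalizeAddress(string $raw): string
{
    $address = trim($raw);
    if ($address === '' || strlen($address) > 255) {
        throw new InvalidArgumentException('Address must be 1-255 bytes');
    }
    if (preg_match('/[\x00-\x1F\x7F]/', $address)) {
        throw new InvalidArgumentException('Address contains control characters');
    }
    return $address;
}

// Constructed sample input: the address from the question and a hostile one.
$samples = [
    '1/a grand trunk road, kolkata - 31',
    "5 O'Neil St <script>alert(1)</script>",
];

// 1. Storage: the bound parameter carries the value as data, unchanged.
$insert = $pdo->prepare('INSERT INTO places (address) VALUES (?)');
foreach ($samples as $raw) {
    $insert->execute([normalizeAddress($raw)]);
}

foreach ($pdo->query('SELECT address FROM places ORDER BY id') as $row) {
    $address = $row['address'];

    // 2. HTML output: encode for the HTML context at echo time.
    $html = htmlspecialchars($address, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 3. Geocoding request: encode for the URL context; no request is sent here.
    $url = 'https://maps.googleapis.com/maps/api/geocode/json?'
         . http_build_query(['address' => $address, 'key' => 'YOUR_API_KEY']);

    echo "stored: $address\nhtml:   $html\nurl:    $url\n\n";
}
```

The stored column holds the address exactly as typed, so the same row can be encoded differently for each output context instead of being pre-escaped for one of them.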

